In order to be identified in a WPKI (Wireless PKI) environment, a user should have a certain identification certificate including a PKI public key (with the corresponding private key stored securely) used, for example, for signing and opening messages sent by the user. It is known from the prior art to provide a PKI key pair beforehand, for example by a manufacturer of the terminal or of the SIM/UICC-card of the terminal (SIM stands for Subscriber Identity Module, and UICC for Universal Integrated Circuit Card), if the key pair of the SIM/UICC-card is used, as well as to generate keys “on-board”. It is also known to use a secured transmission path between the OTA (Over The Air) server and the SIM-card when delivering a key pair to the SIM-card. When the manufacturer generates the key pair or just a key (a private PKI key or a symmetric key), the public key of the key pair can be registered and connected to the user identification information reliably when the user is known at the time the key pair is stored in his/her terminal, or when the terminal with the key pair is given to the user, for example.
However, situations where a PKI key pair is generated by a client, such as a terminal or some component in the terminal (such as a SIM/UICC-card), only when it is needed are nowadays becoming more common, as are situations where pre-generated keys are not registered until needed. To be reliable, the public key of the generated key pair should be registered or certified with a certification authority, such as a mobile operator, bank or government agency.
In the prior art, special standards are known, for example the Public-Key Cryptography Standards (PKCS), which are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. In particular, PKCS#10 (Certification Request Syntax Standard) describes a syntax for a request for certification of a public key, a name, and possibly a set of attributes. It is known from the prior art to use the PKCS#10 standard to register or certify a public key generated by a terminal with a registration server, such as the registration server of a certification authority.
There are, however, some disadvantages in the prior art solutions. First, in a certain prior art solution only the generated public key is returned, so that one cannot be sure whether the public key is the original public key generated by the assumed terminal or whether the message has been tampered with. Secondly, the public key cannot be put into a standard self-signed PKCS#10 format, because it is missing the signature. Moreover, if the whole PKCS#10 structure is returned, a lot of SMS messages have to be sent between the registering server and the terminal, which requires a lot of data transfer capacity of the transmission system. In addition, if all the information is returned as a PKCS#10 structure, the returning channel needs to be secured end-to-end by authentication and encryption, which is not always possible, especially in a mobile environment.
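The following Python sketch is an added example, not part of the original text: it builds a PKCS#10 request by hand, checks the self-signature that a bare public key lacks, and counts the SMS parts each form needs. The demo key (two Mersenne primes), the subject name "alice" and the SMS sizes (140 bytes, or 134 per concatenated part, with no OTA security header) are assumptions made for the illustration.

```python
import hashlib

# Constructed demo key: product of two Mersenne primes. Trivially factorable, never use for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                                # modulus size in bytes
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")    # rsaEncryption, NULL
SIG_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")    # sha256WithRSAEncryption, NULL
CN_OID = bytes.fromhex("0603550403")                         # id-at-commonName
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256 prefix

def tlv(tag, body):  # DER tag-length-value with a definite length
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def der_int(v):
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def public_key_der():
    """Bare RSAPublicKey: what a terminal returns when it sends only the key."""
    return tlv(0x30, der_int(N) + der_int(E))

def request_info(common_name):
    """CertificationRequestInfo: version 0, subject name, public key, empty attributes."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, CN_OID + tlv(0x0C, common_name.encode()))))
    spki = tlv(0x30, RSA_ALG + tlv(0x03, b"\x00" + public_key_der()))
    return tlv(0x30, der_int(0) + name + spki + tlv(0xA0, b""))

def encode(info):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(info), padded to the modulus size."""
    t = DIGEST_INFO + hashlib.sha256(info).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(info):
    return pow(int.from_bytes(encode(info), "big"), D, N).to_bytes(K, "big")

def verify(info, sig):
    """Check the self-signature against the public key carried in the request."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big") == encode(info)

def pkcs10(info, sig):
    return tlv(0x30, info + SIG_ALG + tlv(0x03, b"\x00" + sig))

def sms_segments(payload):  # 140-byte SMS, or 134 bytes per part with a 6-byte UDH
    return 1 if len(payload) <= 140 else -(-len(payload) // 134)

if __name__ == "__main__":
    info = request_info("alice"); csr = pkcs10(info, sign(info))
    print(verify(info, sign(info)), sms_segments(csr), sms_segments(public_key_der()))
```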